Created
May 7, 2020 22:29
-
-
Save matbos/9219f0c6b26aa6c74f3d325e82345c7f to your computer and use it in GitHub Desktop.
CloudFormation template with VPC, public and private subnets, prepared for deployment of a database and an API. Article with explanation available here: http://rozchmurzeni.pl/vpc---prywatne-podsieci
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: >- | |
| VPC with private subnet prepared for deployment of DB and API. | |
| Full article with explanation available here: http://rozchmurzeni.pl/vpc---prywatne-podsieci | |
| Resources: | |
| Vpc: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: 10.0.0.0/16 | |
| EnableDnsHostnames: true | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| InternetGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref Vpc | |
| # Publiczny subnet | |
| PublicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref Vpc | |
| InternetRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| RouteTableId: !Ref PublicRouteTable | |
| GatewayId: !Ref InternetGateway | |
| PublicSubnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: eu-west-1a | |
| CidrBlock: 10.0.1.0/24 | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref Vpc | |
| PublicSubnetTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnet | |
| # Prywatny subnet | |
| PrivateRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref Vpc | |
| PrivateSubnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: eu-west-1c | |
| CidrBlock: 10.0.3.0/24 | |
| VpcId: !Ref Vpc | |
| PrivateSubnetTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable | |
| SubnetId: !Ref PrivateSubnet | |
| # Security grupy | |
| ApiSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Api security group | |
| GroupName: api-security-group | |
| SecurityGroupIngress: | |
| - Description: Open https traffic | |
| CidrIp: 0.0.0.0/0 | |
| IpProtocol: TCP | |
| FromPort: 443 | |
| ToPort: 443 | |
| VpcId: !Ref Vpc | |
| DatabaseSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Database secruity group | |
| GroupName: db-security-group | |
| SecurityGroupIngress: | |
| - Description: Allow traffic from api | |
| IpProtocol: TCP | |
| FromPort: 3306 | |
| ToPort: 3306 | |
| SourceSecurityGroupId: !Ref ApiSecurityGroup | |
| VpcId: !Ref Vpc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment